Stories by Lucian Constantin

Cybercriminals increasingly target point of sales systems

The data breach landscape could look very different in the future with the increased adoption of chip-enabled payment cards in North America -- but for now point-of-sale systems account for the majority of breaches there, compared to a tiny minority in other regions of the world.

Memory scraping malware targets Oracle Micros point-of-sale customers

A new malware program designed to steal payment card details from point-of-sale (PoS) systems is targeting businesses using Oracle Micros products.

Hacker turns toy into tool that can open garage doors in seconds

Owners of fixed-code garage door openers might want to consider upgrading them because a researcher has developed a technique that guesses the numbers in seconds.

Researcher warns popular gaming plug-in puts millions of web users at risk from data thieves

A researcher is warning that a gaming plug-in installed on over 200 million PCs contains a flaw that could let attackers steal users' data from websites they're logged into, such as their Web mail and social networking accounts.

Users with weak SSH keys had access to GitHub repositories for popular projects

A number of high-profile source-code repositories hosted on GitHub could have been modified using weak SSH authentication keys, a security researcher has warned.

Fraud campaign installs rogue app on non-jailbroken iPhones

Cybercriminals in Japan are targeting iPhone users with an online scam that tricks them into installing a malicious application when they attempt to view porn videos.

New SOHO router security audit uncovers over 60 flaws in 22 models

In yet another testament of the awful state of home router security, a group of security researchers uncovered more than 60 vulnerabilities in 22 router models from different vendors, most of which were distributed by ISPs to customers.

Tor connections to hidden services could be easy to de-anonymize

Identifying users who access Tor hidden services -- websites that are only accessible inside the Tor anonymity network -- is easier than de-anonymizing users who use Tor to access regular Internet websites.

Like routers, most USB modems also vulnerable to drive-by hacking

The majority of 3G and 4G USB modems offered by mobile operators to their customers have vulnerabilities in their Web-based management interfaces that could be exploited remotely when users visit compromised websites.

Synology patches serious flaws in its network-attached storage devices

Network-attached storage (NAS) manufacturer Synology fixed several vulnerabilities in its devices' software, one of which could allow attackers to compromise the data stored on them.

Attackers use email spam to infect point-of-sale terminals with new malware

Cybercriminals are targeting employees who browse the Web or check their email from point-of-sale (PoS) computers, a risky but unfortunately common practice.

Large scale attack hijacks routers through users' browsers

Cybercriminals have developed a Web-based attack tool to hijack routers on a large scale when users visit compromised websites or view malicious advertisements in their browsers.

Factory reset in Android phones leaves sensitive user data behind

It's common sense to reset an Android phone to its factory state before selling or disposing of it. But beware, researchers recently found that this often fails to properly wipe all sensitive user data from the device.

Netgear and ZyXEL confirm NetUSB flaw, are working on fixes

Networking device manufacturers ZyXEL Communications and Netgear have confirmed that some of their routers are affected by a recently disclosed vulnerability in a USB device-sharing service called NetUSB.

Android stock browser vulnerable to URL spoofing

A vulnerability in Android's default Web browser lets attackers spoof the URL shown in the address bar, allowing for more credible phishing attacks.